Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

  1. Reconshell
  2. Vulnerabilities (CVE)
Filtered by vendor Mattermost Subscribe
Total 194 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-20874 1 Mattermost 1 Mattermost Server 2021-07-21 5.0 MEDIUM 7.5 HIGH
An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8. It allows attackers to obtain sensitive information during a role change.
CVE-2019-20880 1 Mattermost 1 Mattermost Server 2021-07-21 5.0 MEDIUM 7.5 HIGH
An issue was discovered in Mattermost Server before 5.8.0, 5.7.2, 5.6.5, and 4.10.7. It allows attackers to cause a denial of service (memory consumption) via OpenGraph.
CVE-2019-20883 1 Mattermost 1 Mattermost Server 2021-07-21 3.5 LOW 4.3 MEDIUM
An issue was discovered in Mattermost Server before 5.8.0, when Town Square is set to Read-Only. Users can pin or unpin a post.
CVE-2019-20859 1 Mattermost 1 Mattermost Server 2021-07-21 5.0 MEDIUM 7.5 HIGH
An issue was discovered in Mattermost Server before 5.15.0. Login access control can be bypassed via crafted input.
CVE-2019-20849 1 Mattermost 1 Mattermost Mobile 2021-07-21 5.0 MEDIUM 5.3 MEDIUM
An issue was discovered in Mattermost Mobile Apps before 1.26.0. Cookie data can persist on a device after a logout.
CVE-2019-20881 1 Mattermost 1 Mattermost Server 2021-07-21 7.5 HIGH 7.3 HIGH
An issue was discovered in Mattermost Server before 5.8.0. It mishandles brute-force attacks against MFA.
CVE-2020-14457 1 Mattermost 1 Mattermost Server 2021-07-21 5.0 MEDIUM 5.3 MEDIUM
An issue was discovered in Mattermost Server before 5.20.0. Non-members can receive broadcasted team details via the update_team WebSocket event, aka MMSA-2020-0012.
CVE-2020-14458 1 Mattermost 1 Mattermost Server 2021-07-21 5.0 MEDIUM 7.5 HIGH
An issue was discovered in Mattermost Server before 5.19.0. Attackers can discover private channels via the "get channel by name" API, aka MMSA-2020-0004.
CVE-2019-20855 1 Mattermost 1 Mattermost Server 2021-07-21 5.0 MEDIUM 7.5 HIGH
An issue was discovered in Mattermost Server before 5.16.1, 5.15.2, 5.14.5, and 5.9.6. It allows attackers to obtain sensitive information (local files) during legacy attachment migration.
CVE-2019-20850 1 Mattermost 1 Mattermost Mobile 2021-07-21 5.0 MEDIUM 5.3 MEDIUM
An issue was discovered in Mattermost Mobile Apps before 1.26.0. A view cache can persist on a device after a logout.
CVE-2020-14460 1 Mattermost 1 Mattermost Server 2021-07-21 4.0 MEDIUM 6.5 MEDIUM
An issue was discovered in Mattermost Server before 5.19.0, 5.18.1, 5.17.3, 5.16.5, and 5.9.8. Creation of a trusted OAuth application does not always require admin privileges, aka MMSA-2020-0001.
CVE-2019-20845 1 Mattermost 1 Mattermost Server 2021-07-21 5.0 MEDIUM 7.5 HIGH
An issue was discovered in Mattermost Server before 5.18.0. It allows attackers to cause a denial of service (memory consumption) via a large Slack import.
CVE-2019-20873 1 Mattermost 1 Mattermost Server 2021-07-21 4.0 MEDIUM 6.5 MEDIUM
An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8. It allows attackers to obtain sensitive information during user activation/deactivation.
CVE-2019-20879 1 Mattermost 1 Mattermost Server 2021-07-21 4.0 MEDIUM 4.3 MEDIUM
An issue was discovered in Mattermost Server before 5.8.0, 5.7.2, 5.6.5, and 4.10.7. Changes to e-mail addresses do not require credential re-entry.
CVE-2019-20875 1 Mattermost 1 Mattermost Server 2021-07-21 5.0 MEDIUM 5.3 MEDIUM
An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8. It allows a password reset to proceed while an e-mail address is being changed.
CVE-2020-13891 1 Mattermost 1 Mattermost 2021-07-21 5.0 MEDIUM 7.5 HIGH
An issue was discovered in Mattermost Mobile Apps before 1.31.2 on iOS. Unintended third-party servers could sometimes obtain authorization tokens, aka MMSA-2020-0022.
CVE-2019-20884 1 Mattermost 1 Mattermost Server 2021-07-21 5.0 MEDIUM 5.3 MEDIUM
An issue was discovered in Mattermost Server before 5.8.0. It allows attackers to partially attach a file to more than one post.
CVE-2019-20878 1 Mattermost 1 Mattermost Server 2021-07-21 4.0 MEDIUM 4.3 MEDIUM
An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8. Changes, within the application, to e-mail addresses are mishandled.
CVE-2020-14449 1 Mattermost 1 Mattermost Mobile 2021-07-21 4.3 MEDIUM 7.5 HIGH
An issue was discovered in Mattermost Mobile Apps before 1.30.0. Authorization tokens can sometimes be disclosed to third-party servers, aka MMSA-2020-0018.
CVE-2019-20877 1 Mattermost 1 Mattermost Server 2021-07-21 5.0 MEDIUM 5.3 MEDIUM
An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8. It allows attackers to obtain sensitive information about whether someone has 2FA enabled.